Give Read-only access to a git repository

Question

I'm not sure if this should go here, or on superuser (as it seems to pertain to both topics), so I've put it here, if it's not appropriate, I'll go ask it on superuser.

Anyway, I have a git repository that can't go completely open source (otherwise I would just put it on github and be done with it), and I have a server that I have ssh access (but not superuser access) to, this server has all of the git binaries already on it. I need to give someone read-only access to this git-repo (or at least read-only access to some of the branches, although I would imagine that's a lot harder).

Currently I'm using ssh to push and poll my local git repo to this server. Is there any way to give another person read only access to the server? (I suppose I am fine with us both having write access to the repo, although I'm not sure how to do that with unix permissions, as I don't have the ability to make new unix groups as I don't have superuser permissions).

Thank you for your help.

Answer 1

You want to use the git protocol. http://www.kernel.org/pub/software/scm/git/docs/git-daemon.html

It'll be public to everybody, which may not be what you want, but nobody will be able to do a push over git://.

You can control what branches they can access by only pushing the branches you want to be accessible to it.
I would do this by having a separate clone from your ssh enabled private repository, and then add that as a remote. Then you can do git push pub public-branch, so then private-branch won't be accessible from that location.

Answer 2

In .ssh/authorized_keys you can specify a command that is always run when a given public key is used to log in. You could probably set this to git-upload-pack /path/to/repo.git and git pull just might work. There may very well be non-obvious security pitfalls with this approach.

See the sshd manual page for the format of the authorized_keys file.